The Slow Shift Toward Passwordless Access

A survey of 500 DevOps and security professionals suggested that shifting away from legacy authentication technologies to embrace passwordless approaches to cybersecurity is going to require significant amounts of time and patience.

The survey, conducted by the market research firm Schlesinger Group on behalf of Teleport, found 87% of respondents actively moving toward some type of passwordless approach to managing access. More than three-quarters (78%) of respondents, for example, have an active initiative to move to biometric authentication, with more than half (55%) of respondents already using biometrics in their systems.

However, the overall rate of adoption remains comparatively low, with 80% of respondents reporting their organization still uses passwords as a security method. More than half (57%) of respondents also said their organization implemented new security methods that failed to be adopted by employees. A full 62% of respondents specifically noted privacy concerns as their biggest challenge when adopting biometrics.

Michael Ferranti, chief marketing officer for Teleport, said any successful change to access management is going to have to be more convenient than a password. The issue most organizations encounter today is that the approaches used to verify identity are too complex. The Teleport Access Plane, in contrast, makes it possible to issue certificates programmatically and provides a single source of truth for managing the identities of all users, infrastructure resources and custom applications.

Less than a quarter (24%) of respondents, for example, said they are 100% confident that ex-employees no longer have access to IT infrastructure operated by their former company. Nearly half of the organizations surveyed are less than 50% confident that former employees no longer have access to infrastructure, the survey found. A full 60% of respondents are concerned about employees leaving the organization with secrets and knowledge about how to access infrastructure.

In theory, passwordless approaches to security should alleviate those concerns. However, IT teams now find themselves using 5.7 different tools, on average, to manage access policies; as a result, access management is becoming more rather than less complex. Almost all (94%) respondents strongly agree or somewhat agree that this automation is critical for streamlining compliance costs.

Overall, 85% of respondents said their organization increased security spending within the last 12 months. The shift toward zero-trust IT architectures has become a major driver of that spending. As defined by the National Institute of Standards and Technology (NIST), zero-trust IT is an “evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.” As such, no implicit trust is granted to assets or users based solely on their physical or network location or asset ownership.

Most cybersecurity professionals realize that’s not necessarily a new idea. Forrester Research analyst John Kindervag is credited with popularizing the term in 2010, but the concept itself can be traced back as far as 2004. The fundamental shift occurring today is that, rather than relying on hardware to achieve that goal, software is being employed to lock down the IT environment.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
